Total: 7108 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-6660 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-11-21 | 4.0 MEDIUM | 6.2 MEDIUM |
Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular XML file. | |||||
CVE-2018-6500 | 1 Hp | 1 Arcsight Management Center | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A potential Directory Traversal Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be remotely exploited to allow Directory Traversal. | |||||
CVE-2018-6409 | 1 Machform | 1 Machform | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding ap_form table leads to a path traversal vulnerability via the download.php q parameter. | |||||
CVE-2018-6397 | 1 Joomlacalendars | 1 Picture Calendar | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Directory Traversal exists in the Picture Calendar 3.1.4 component for Joomla! via the list.php folder parameter. | |||||
CVE-2018-6356 | 2 Jenkins, Oracle | 2 Jenkins, Communications Cloud Native Core Automated Test Suite | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins before 2.107 and Jenkins LTS before 2.89.4 did not properly prevent specifying relative paths that escape a base directory for URLs accessing plugin resource files. This allowed users with Overall/Read permission to download files from the Jenkins master they should not have access to. On Windows, any file accessible to the Jenkins master process could be downloaded. On other operating systems, any file within the Jenkins home directory accessible to the Jenkins master process could be downloaded. | |||||
CVE-2018-6184 | 1 Zeit | 1 Next.js | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next request namespace. | |||||
CVE-2018-6022 | 1 5none | 1 Nonecms | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
Directory traversal vulnerability in application/admin/controller/Main.php in NoneCms through 1.3.0 allows remote authenticated users to delete arbitrary files by leveraging back-office access to provide a ..\ in the param.path parameter. | |||||
CVE-2018-5997 | 1 Ravpower | 1 Filehub Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered in the HTTP Server in RAVPower Filehub 2.000.056. Due to an unrestricted upload feature and a path traversal vulnerability, it is possible to upload a file on a filesystem with root privileges: this will lead to remote code execution as root. | |||||
CVE-2018-5755 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 7.1 HIGH | 5.5 MEDIUM |
Absolute path traversal vulnerability in the readerengine component in Open-Xchange OX App Suite before 7.6.3-rev3, 7.8.x before 7.8.2-rev4, 7.8.3 before 7.8.3-rev5, and 7.8.4 before 7.8.4-rev4 allows remote attackers to read arbitrary files via a full pathname in a formula in a spreadsheet. | |||||
CVE-2018-5716 | 1 Reprisesoftware | 1 Reprise License Manager | 2024-11-21 | 8.5 HIGH | 8.1 HIGH |
An issue was discovered in Reprise License Manager 11.0. This vulnerability is a Path Traversal where the attacker, by changing a field in the Web Request, can have access to files on the File System of the Server. By specifying a pathname in the POST parameter "lf" to the goform/edit_lf_get_data URI, the attacker can retrieve the content of a file. | |||||
CVE-2018-5700 | 1 Magicwinmail | 1 Winmail Server | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Winmail Server through 6.2 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php copy_folder_file call (in inc/class.ftpfolder.php) to move a .php file from the FTP folder into a web folder. | |||||
CVE-2018-5448 | 1 Medtronic | 2 2090 Carelink Programmer, 2090 Carelink Programmer Firmware | 2024-11-21 | 2.7 LOW | 5.7 MEDIUM |
All versions of the Medtronic 2090 Carelink Programmer are affected by a directory traversal vulnerability where the product's software deployment network could allow an attacker to read files on the system. | |||||
CVE-2018-5445 | 1 Advantech | 1 Webaccess/scada | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
A Path Traversal issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. An attacker has read access to files within the directory structure of the target device. | |||||
CVE-2018-5337 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: directory traversal in the SCRIPT_NAME field when modifying existing scripts. | |||||
CVE-2018-5310 | 1 Media From Ftp Project | 1 Media From Ftp | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
In the "Media from FTP" plugin before 9.85 for WordPress, Directory Traversal exists via the searchdir parameter to the wp-admin/admin.php?page=mediafromftp-search-register URI. | |||||
CVE-2018-5291 | 1 Gd Rating System Project | 1 Gd Rating System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-tools page. | |||||
CVE-2018-5290 | 1 Gd Rating System Project | 1 Gd Rating System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-transfer page. | |||||
CVE-2018-5289 | 1 Gd Rating System Project | 1 Gd Rating System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-information page. | |||||
CVE-2018-5287 | 1 Gd Rating System Project | 1 Gd Rating System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-about page. | |||||
CVE-2018-5283 | 1 Photos In Wifi Project | 1 Photos In Wifi | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The Photos in Wifi application 1.0.1 for iOS has directory traversal via the ext parameter to assets-library://asset/asset.php. |